All you need to know about BS 7858 2019 Security Screening
Part 1: All you need to know about BS 7858:2019 Security Screening
The BS7858:2019 standard is the code of practice released by British Standards Institution (BSI) which entails best practices and guidelines for the security screening of people employed within a secure environment. It is also used where security screening is in the best interests of the public, where the security/safety of people, goods and services, data or property is a mandatory requirement of the employing organization’s operations. Initially introduced in 2013, the standard was updated in September 2019 and is now considered to be the industry standard for all employment vetting despite its initial intention for use in secure environments.
Why BS 7858:2019 security screening needed?
The objective of BS 7858 screening is to obtain sufficient information to equip organizations to make an informed decision on employing an individual in a secure environment.
- It reduces risk exposure.
- BS7858 Is often a requirement of your insurer.
- Contractual requirements - some customers may specify screening requirements, which could be equal to or above what BS 7858 requires.
- Protection of the public - who are you employing and putting on site.
- Protection of assets - staff may be put in positions of trust with access to confidential or sensitive information and security arrangements.
5 or 10-years screening?
Who or what would dictate 5 or 10-year screening in BS7858:2019? British Standard requirements for individual services dictate the screening requirements:
- BS 7499 for Security Guarding - requires 5-year screening.
- BS PD 6662 Alarm Installation - requires 5-year screening.
- BS 7872 Cash and Valuables in Transit - requires 10-year screening.
- BS 5979 Alarm Receiving Centre - requires 5-year screening.
- BS 7984 Keyholding and Response - requires 5-year screening.
There can also be contractual requirements from certain clients that would require an extension to the normal screening period. It is important the screening company understands the role the person is being screened for so you can apply the correct screening period, whether 5 or 10 years.
What are Preliminary checks in BS7858:2019?
After interview of the prospective employee and before starting the 'Limited screening' at least the following actions must be completed:
- Create a screening file.
- Information provided like application form.
- Confirmation of identity and address.
- SIA licence validation .
- Public information search (not a full credit check).
- Global watchlist and sanctions checks .
What is limited screening in BS 7858:2019?
Further to the preliminary checks the employee screening file should contain the following information:
- Confirmation of a continuous record of career and history for a minimum period of three years immediately prior to the date of application (or back to the age of 16 if this date is more recent). Evidence can be obtained verbally, or in writing or any other documentary evidence. Where evidence has been obtained, the identity of the individual and organization supplying the information should be confirmed. When contacted by telephone, the telephone number called should be confirmed independently. Phone number supplied by the individual being subject to screening should not be relied on.
- The name of the screening administrator responsible and the name of the screening controller who reviewed the file to confirm that the limited screening has been completed as per the BS 7858:2019 standards.
- Where an individual is offered conditional offer of employment following limited screening but before full screening has been completed, the T&Cs of their employment should clearly affirm that confirmed employment is subject to satisfactory completion of full secure environment screening within the period allowed and that conditional employment ends if full screening is not completed satisfactorily within the time allowed.
How to verify what has the job seeker been doing during the screening period? Is it 5 or 10 years? How do we verify the history?
Establish this by direct reference to current and former employers, Government departments and Education authorities, with confirmation in writing of details of education, employment, periods of self-employment, unemployment, and residence abroad for the whole of the screening period with no gaps greater than 31 days.
What are criminal background checks?
- SIA licensing – Is it valid and in date?
- NPCC Appendix C check – Is this required by the Police force where you are operating?
- Basic disclosure – DBS, Access NI, Disclosure Scotland
How long should it take to complete the screening? And when does the screening timescale begin?
- 5 years - 12 weeks
- 10 years - 16 weeks
Screening timescale begins from the date of starting in conditional employment.
What happens if an organisation cannot complete the screening within the required timescale?
4 weeks extension can be granted, but the business must evidence that written requests to verify information have been sent (record on the Acceptance of Risk form). Please mind that the extension of the screening period is not intended to be used to cover for a shortage of screening staff.
What is the retention period for the records?
- Screening file of those unsuccessful at preliminary screening- 12 months
- Records to be held during employment- Full screening file.
- Records to be held after cessation of employment Clause 11.3.
- How long are records held after cessation of employment - 7 years.
What are the Top management commitment in BS 7858:2019?
The Top management should:
- Top management should be committed to satisfying the recommendations of this British Standard.
- They must ensure that the resources and infrastructure needed for the screening process are available.
- Direct and support persons to contribute to the effectiveness of the screening process; and
- Ensure that the responsibilities and authorities for relevant roles are assigned and
- communicated within the organization.
Part 2: BS 7858:2019 Screening of individuals working in a secure environment - key terminology.
This British Standard provides businesses who hire people working in a secure environment with a methodology to mitigate risk exposure in terms of their human resources (HR) and to give a high level of assurance in hiring and the setting to work for such individuals. This methodology of screening individuals takes a top-down approach, that is responsibility for this process remains with top management. Top management can delegate accountability for certain roles and tasks; however, they remain responsible for this process. This methodology is driven by risk and it is incumbent on the organization to apply risk management good practice when deciding how this methodology is implemented into their organization's processes so that it consistently delivers the desired outcomes.
Individual(s) involved in support activities which may include administration, personnel, building maintenance and cleaning.
Time period after limited screening has been completed, and employment has commenced ahead of the completion of full screening.
Employment approved upon successful completion of full screening and any additional pre-requisite applied by the organization.
Employment which involves, or can involve, the acquisition of, or access to, data, information, assets or equipment, the improper use of which could involve the organization, any client of the organization, or any third party, in a security risk.
Individual within an organization engaged in screening or a third-party providing screening services.
Individual within an organization responsible for making sure that the screening process is being carried out correctly.
Period of not less than five years immediately prior to the commencement of relevant employment or transfer to relevant employment, or back to the age of 16 if this date is more recent.
- BSI BS 7858:2019 Screening of individuals working in a secure environment. Code of practice
- BSI BS 7858:2019 – TC Tracked Changes. Screening of individuals working in a secure environment. Code of practice